KNX ETS5 through 5.7.6 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HKnx Engineering Tool Software 5
APPKnx≤ 5.7.6
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References
Related vulnerabilities
CVE-2015-8299CRITICAL9.8ten sam vendor
Buffer overflow in the Group messages monitor (Falcon) in KNX ETS 4.1.5 (Build 3246) allows remote attackers t...
CVE-2023-4346HIGH7.5ten sam vendor
KNX devices that use KNX Connection Authorization and support Option 1 are, depending on the implementation, ...
CVE-2021-43575MEDIUM5.5ten sam vendor
KNX ETS6 through 6.0.0 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing...